Posts from the ‘BYOD’ Category

Jan 28

Five Factors Predicting The Future Of MacOS Management And Security

Bottom Line: Going into 2020, CISOs’ sense of urgency for managing their fleets of Android, Apple iOS & macOS, Windows Phone, and Windows 10 devices all from an integrated Unified Endpoint Management (UEM) is transforming the MacOS Management and Security landscape.

For many, CISOs, the highest priority project they’re starting the New Year with is getting their diverse fleet of devices on a common unified endpoint management platform. “We’ve gone through no less than a dozen UEMs (Unified Endpoint Management) systems, and they are either very good at supporting iOS and macOS or terrible at every other operating system or vice versa,” the CISO of a leading insurance and financial services firm told me over lunch recently. “Our sales, marketing, graphic artists, DevOps, and Customer Success teams all are running on Macs and iPhones, which makes it even more of a challenge to get everyone on the same endpoint management platform.” He went on to explain that the majority of macOS and iOS endpoint management systems aren’t built to support the advanced security he needs for protecting Android, Windows Phone, and Windows 10 devices.

Unified Endpoint Management is a key CISO priority in 2020

macOS and iOS devices had their own endpoint management tools in previous years when they were limited in use. Now they’re common in the enterprise and need to be considered part of an organization-wide fleet of devices, making it a high priority to add them to the unified endpoint management platform all other devices are on. Further accelerating this change is the success of BYOD policies that give employees the choice of using the tablets, smartphones, and laptops they’re the most productive with. One CISO told me their BYOD program made it clear macOS and iOS are the de facto standard across their enterprise.

While endpoint management platforms are going through an Apple-driven inflection point, forcing the need for a more inclusive unified endpoint management strategy, CISOs are focusing on how to improve application and content control at the same time. How enterprises choose to solve that challenge are predicting the future of MacOS management and security.

Five Factors Driving the Future of macOS Management and Security

CISOs piloting and only buying platforms that can equally protect every device operating system, macOS, and iOS’ rapidly growing enterprise popularity and better support for adaptive access are a few of the catalysts redefining the landscape today. The following five factors are defining how MacOS Management and Security will improve in 2020:

Enterprises need more effective endpoint and application management that includes Android, Apple iOS & macOS, Windows Phone, and Windows 10. There’s a major gap in how effective endpoint protection is across the UEM platforms today. Data-at-risk encryption and App distribution, or how well a UEM system can create, update, and distribute macOS applications are two areas cybersecurity teams are focusing on today.

System integration options needs to extend beyond log reports and provide real-time links to Security Information and Event Management (SIEM) systems. CISOs and their cybersecurity teams need real-time integration to incident management systems so they can be more effective troubleshooting potential breach attempts. Sharing log files across other systems is a first step, yet real-time integration is clearly what’s needed to protect enterprises’ many devices and threat surfaces today. The following Splunk dashboard illustrates the benefits of having real-time integration beyond log reports, encompassing SIEM systems:

UEM platforms that differentiate between corporate-owned and personal devices, content and authentication workflows, and data are defining the future of macOS Management and Security. Key factors that CISOs need in this area of unmanaged device support include more effective content separation, improved privacy settings, support for actions taken on personally-owned devices, and role-based privacy settings. MobileIron is a leader in this area, with enterprises currently using their role-based workflows to limit and verify access to employee-owned devices. MobileIron can also limit IT’s scope of control over an employee device, including turning off location tracking.
Support and proven integration of Identity solutions such as Okta, Ping Identity, Microsoft, and Single sign-on (SSO) are defining the future of adaptive access today. This is the most nascent area of UEM platform development today, yet the one area that CISOs need the greatest progress on this year. Endpoint protection and system integration are the two areas that most define how advanced a given UEM providers’ platform is today.
The ability to provision, revoke, and manage device certificates over their lifecycles is becoming a must-have in enterprises today. UEM platforms, in large part, can handle certificate device provisioning, yet Certificate Authority (CA) integration is an area many struggle with. CISOs are asking for more effective certificate lifecycle management, especially given the proliferation of macOS and iOS devices.

Conclusion

The five factors of MacOS management and security are transforming the Unified Endpoint Management (UEM) solution landscape. CISOs often speak of wanting to have a more integrated UEM strategy, one that can provide better SIEM system integration, differentiate between corporate-owned and personal devices, and also manage the lifecycles of device certificates. MobileIron has proven their ability to scale in a BYOD world and is a UEM vendor to watch in 2020.

Dec 21

Shadow IT Is The Cybersecurity Threat That Keeps Giving All Year Long

More than 5,000 personal devices connect to enterprise networks every day with little or no endpoint security enabled in one of every three companies in the U.S., U.K., and Germany.
More than 1,000 shadow IoT devices connect to enterprise networks every day in 30% of the U.S., U.K., and German companies.
12% of U.K. organizations are seeing more than 10,000 shadow IoT devices connect to their enterprise networks every day.
Associates most often use shadow IT devices to access social media (39%), followed by downloading apps (24%), games (13%), and films (7%). Hackers, organized crime and state-sponsored cybercrime organizations rely on social engineering hacks, phishing, and malware injection across these four popular areas to gain access to enterprise networks and exfiltrate data.

Shadow personal IoT voice assistants, Amazon Kindles, smartphone, and tablet devices are proliferating across enterprise networks today, accelerated by last-minute shopping everyone is trying to get done before the end of December. 82% of organizations have introduced security policies governing the use of these devices but just 24% of employees are aware of them. Meanwhile, the majority of IT senior management, 88%, believe their policies are effective. These and many other fascinating insights are from a recent study completed by Infoblox titled, What is Lurking on Your Network, Exposing the threat of shadow devices (PDF, 7 pp., no opt-in).

Shadow IT’s Security Gaps Create New Opportunities For Hackers

Gaps in threat surface and endpoint security are what hackers, organized crime, and state-sponsored cybercrime organizations thrive on. The holidays create new opportunities for these organizations to capitalize on security gaps using social engineering hacks, phishing, malware injection and more. “With cybercriminals increasingly exploiting vulnerable devices, as well as targeting employees’ insecure usage of these devices, it is crucial for enterprise IT teams to discover what’s lurking on their networks and actively defend against the threats introduced,” Gary Cox, Technology Director, Western Europe for Infoblox said. Just a few of the many threats include the following:

A quick on-ramp for hackers to exfiltrate data from enterprise systems. Every personal device left unprotected on an enterprise network is an ideal threat surface for hackers and other malicious actors to infiltrate an enterprise network from. The most common technique is to use DNS tunneling, which enables cybercriminals to insert malware or pass stolen information into DNS queries, creating a covert communication channel that bypasses most firewalls. Project Sauron was one particularly advanced threat, which allegedly went undetected for five years at a number of organizations that used DNS tunneling for data exfiltration.
Distributed Denial of Service (DDoS) attacks are often launched from a series of hijacked connected devices that are often the least protected threat surface on corporate networks. It’s common for DDoS attacks to begin with malicious actors hijacking any vulnerable device they can to launch repeated and frequent queries that bombard the Domain Name Server (DNS) with the intent of slowing down its ability to process legitimate queries, often to the point that it can no longer function.
Creating and targeting Botnet armies using vulnerable IoT devices to attack organizations’ enterprise systems is increasing, according to Verizon’s latest 2019 Data Breach Investigations Report. “Botnets are truly a low-effort attack that knows no boundaries and brings attackers either direct revenue through financial account,” according to Verizon’s 2019 study. Botnets are also being used to steal privileged access credentials to an enterprises’ systems that are being accessed from the same personal devices employees are using for social media access and shopping. There have been over 40,000 breaches initiated using botnets this year so far, according to Verizon. The report notes that a variant of the Mirai IoT botnet began scanning for vulnerable Drupal servers in April of this year and was successful in finding the most vulnerable systems globally to install crypto mining software. The attack is known as Drupalgeddon2, and the scope of its vulnerabilities are still being discovered today.
Unsecured personal devices connected to enterprise networks are ransomware landing zones. 70% of all malware attacks happen in healthcare according to Verizon’s 2019 Data Breach Investigations Report because patient health records are bestsellers on the Dark Web, ranging in price from $250 to over $1,000 per record. Ransomware is a form of malware that, once it takes over a computer or network, threatens to deny access to or destroy an organizations’ data. Ransomware can easily intercept an enterprise network after being accidentally downloaded by an employee on either a business or personal device connected to a network.

Where To Start: Secure The Networks Shadow IT Relies On

Chief Information Security Officers (CISOs) have told me that the most challenging aspect of securing the proliferation of shadow IT devices is protecting the multitude of remote locations that together form their distributed networks. They’re saying that in 2020, enabling network security is the greatest challenge their enterprises will face. More enterprises are adopting cloud-based DDI platforms that enable enterprises to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Leaders in this area include Infoblox, a leader in SD-WAN and cloud-based DDI platforms for enterprises. Here are the most common strategies they’re relying on to secure their distributed networks based on the proliferation of personal devices:

Integrating threat intelligence data to evaluate if specific sites and applications are high risk or not. IT administrators need to deploy solutions that allow them to build safeguards that will prevent potential dangerous activity occurring on the network. Integrating threat intelligence data into DNS management enables security teams to monitor and prevent access to Newly Observed Domains. Many new domains will be set up ahead of phishing and/or spear-phishing campaign, so in preventing access to these sites, organizations can reduce the risk of employees accidentally introducing malware through clicking through to insecure links on personal devices connected to the enterprise network.
Set the goal of achieving full visibility across distributed networks by starting with a plan that considers cloud-based DDI platforms. CISOs and the IT teams working with them need to translate their policies into action by achieving more unified visibility by upgrading their core network services, including DNS, DHCP, and IP address management, on cloud-based DDI platforms to bring greater security scale and reliability across their enterprise networks.
Design in greater DNS security at the network level. Enterprise networks are heavily reliant on DNS, making them an area malicious actors attempt to disrupt in their broader efforts to exfiltrate valuable data from organizations. Existing security controls, such as firewalls and proxies, rarely focus on DNS and associated threats – leaving organizations vulnerable to highly aggressive, rapidly proliferating attacks. When secured, the DNS can act as an organization’s first line of defense. The DNS can provide essential context and visibility, so IT teams can be alerted of any network anomalies, report on what devices are joining and leaving the network, and resolve problems faster.

Conclusion

Bring Your Own Device (BYOD) initiatives’ benefits far outweigh the costs, making the business case for BYOD overwhelming positive, as seen in how financial services firms stay secure. Enterprises need to consider adopting a cloud-based DDI platform approach that enables them to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Many CISOs are beginning to realize the model of relying on centralized IT security isn’t scaling to support and protect the proliferation of user devices with internet access, leaving employees, branch offices, and corporate networks less secure than ever before. Every IT architect, IT Director, or CIO needs to consider how taking an SDWAN-based approach to network management reduces the risk of a breach and data exfiltration.

Nov 12

1 Comment

Financial Services Rely On BYOD – How Do They Stay Secure?

Bottom Line: 2020 is going to be the year companies launch more digital business initiatives that depend on BYOD than ever before, making Zero Trust Security a key contributor to their success.

Financial Services firms are at an inflection point going into 2020. Mobile-first products and services now dominate their product roadmaps for next year, with applications’ speed and security being paramount. In fintech, DevOps teams have been working with AngularJS for years now, and the scale and speed of their applications reflect their expertise. How well existing IT infrastructure flexes to support the new mobile-first product and services strategies depends on how quickly members of IT, customer service, and customer success teams can respond. BYOD is proving invaluable in achieving the speed of response these new digital business models require.

In 2020 more employees of Financial Services firms will rely on their mobile devices as their primary form of digital ID than has ever been the case before. A recent survey conducted by IDG in association with MobileIron found that 89% of security leaders believe mobile devices will be the primary digital ID employees use to gain access to resources and get work done. The CIOs I’ve spoken agree. A copy of the IDG and MobileIron study, Say Goodbye to Passwords, can be downloaded here.

Counting On BYOD To Deliver Responsiveness And Speed

CIO and IT bonuses are often indexed to the revenue contributions their new products and services deliver, making speed, scale, security, and responsiveness the most important features of all. Fintech CIOs are saying that BYOD is proving indispensable in scaling IT in support of new digital business initiatives as a result. By 2022, 75% of smartphones used in the enterprise will bring your own device (BYOD), up from 35% in 2018, forcing a migration from device-centric management to app- and data-centric management, according to Gartner’s Competitive Landscape: Managed Mobility Services.

Two factors continue to propel BYOD adoption in financial services, fueling the need for Zero Trust Security across every mobile device. The first is the need for real-time responsiveness from internal team members and the second is having every threat surface protected without degrading the time to respond to customers. Every CIO, IT and Product Management leader I’ve spoken with mention the race they are in to deliver mobile-first products and services early in 2020 that redefine their business. With every identity being a new security perimeter, Financial Services firms are relying on Unified Endpoint Management (UEM), multi-factor authentication (MFA), and additional zero trust-enabling technologies as an integral part of their Enterprise Mobility Management (EMM) strategy. Their goal is to create a Zero Trust Security framework that protects every mobile device endpoint. Leaders in this field include MobileIron, who also provides zero sign-on (ZSO), and mobile threat defense (MTD) in addition to UEM and EMM solutions today. The following are the key features every BYOD program needs to offer to stay secure, scale and succeed in 2020:

Separation of business and personal data is a must-have in any BYOD security strategy. FinTechs who have the greatest success with BYOD as part of their digital initiatives are relying on Enterprise Mobility Management (EMM) to selectively wipe only the business data from a device in the event it is compromised.
An interactive, intuitive user experience that can be quickly customized at scale by role, department, and workflow requirements without impacting user productivity. Too often BYOD users have had to trade off having stronger security on their own devices versus using a company-provided smartphone to get remote work done. The best EMM and UEM solutions in the market today enable Zero Trust by treating every identity as a new security perimeter.
Define the success of a BYOD security strategy by how well it immediately shuts down access to confidential data and systems first. Being able to immediately block access to confidential systems and data is the most important aspect of securing any BYOD across a network.
Limit access to internal system resources based on the employee’s department, role, and function to eliminate the risk of confidential data ending up in a personal app. EMM solutions have progressed quickly, especially on the dimension of providing Zero Trust Security across BYOD networks. Look for an EMM solution that gives the administrator the flexibility of limiting mobile device access to a specific series of services and access points based on an employees’ role in a specific department and the scope of data they need access to.
Proven multi-operating system expertise and support for legacy internally created mobile applications and services. One of the main reasons BYOD is succeeding today as an enablement strategy is the freedom it gives users to select the device they prefer to work with. Supporting Android and IOS is a given. Look for advanced EMM and UEM solutions that also support legacy mobility applications. The best BYOD security solutions deliver device and application compatibility with no degradation in security or performance.

Conclusion – Why BYOD Strategies Need Zero Trust Now

Trust-but-verify isn’t working today. Attackers are capitalizing on it by stealing or buying privileged access credentials, accessing any system or database they choose. Financial Services firms fully expect their new products and services launching in 2020 to face an onslaught of breach and hacking attempts. Trust-but-verify approaches that are propagated across an enterprises’ BYOD base of devices using Virtual Private Networks and demilitarized zones (DMZ) impede employee’s productivity, often force login authentication. Trust-but verify doesn’t scale well into BYOD scenarios, leaving large gaps attackers can gain access to valuable internal data and systems. For BYOD users, trust-but-verify reduces productivity, delivers poor user experiences, and for new business models, slower customer response times.

By going to a Zero Trust Framework, Financial Services firms will be able to treat every identity and the mobile device they are using as their new security perimeter. Basing a BYOD strategy on a Zero Trust Framework enables any organization to find the correlation between the user, device, applications, and networks in milliseconds, thwarting potential threats before granting secure access to the device. Leaders delivering Zero Trust for BYOD include MobileIron, who provides endpoint management (UEM) capabilities with enabling technologies of zero sign-on (ZSO) user and device authentication, multi-factor authentication (MFA), and mobile threat detection (MTD).